SSL with backend SSL on CSS 11500

Discussion in 'Cisco' started by Olivier PELERIN, Aug 30, 2004.

  1. Hi,

    I have 2 CSS 11503 running 7.20 standard image and I would like use the
    CSS for web mail access.

    In Short

    From vlan 5. users access a VIP 10.131.182.120 and 4 servers are
    located in Vlan415. theses 4 servers are lotus notes server with SSL
    task enabled and I need to build a failover access ( sorryserver).


    My current main issue is the fact CSS do not terminate the SSL
    handshaking. Any clue why and how should I troubleshoot?

    circuit VLAN5

    ip address 10.131.182.124 255.255.255.128
    ip virtual-router 1 priority 150 preempt
    ip redundant-interface 1 10.131.182.126
    ip redundant-vip 1 10.131.182.100
    ip critical-service 1 VLAN5_RTR

    circuit VLAN415

    ip address 10.131.182.130 255.255.255.128
    ip virtual-router 2 priority 150 preempt
    ip redundant-interface 2 10.131.182.129
    ip critical-service 2 VLAN5_RTR

    !*********************** SSL PROXY LIST ***********************
    ssl-proxy-list Webmail-test
    ssl-server 1
    ssl-server 1 rsakey test-ssl
    ssl-server 1 rsacert test-ssl
    ssl-server 1 vip address 10.131.182.120
    backend-server 10
    backend-server 10 ip address 10.131.182.252
    backend-server 10 server-ip 10.131.182.252
    backend-server 20
    backend-server 20 ip address 10.131.182.251
    backend-server 20 server-ip 10.131.182.251
    backend-server 30
    backend-server 30 ip address 10.131.182.250
    backend-server 30 server-ip 10.131.182.250
    backend-server 40
    backend-server 40 ip address 10.131.182.249
    backend-server 40 server-ip 10.131.182.249
    backend-server 10 cipher rsa-with-rc4-128-sha
    backend-server 20 cipher rsa-with-rc4-128-sha
    backend-server 30 cipher rsa-with-rc4-128-sha
    backend-server 40 cipher rsa-with-rc4-128-sha
    backend-server 10 cipher rsa-with-rc4-128-md5
    backend-server 20 cipher rsa-with-rc4-128-md5
    backend-server 30 cipher rsa-with-rc4-128-md5
    backend-server 40 cipher rsa-with-rc4-128-md5
    ssl-server 1 cipher rsa-with-rc4-128-md5 10.131.182.200 80
    backend-server 10 version ssl
    backend-server 20 version ssl
    backend-server 30 version ssl
    backend-server 40 version ssl
    active

    !************************** SERVICE **************************




    service backend-jdebuns17
    ip address 10.131.182.249
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service backend-jdebuns18
    ip address 10.131.182.250
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service backend-jdebuns19
    ip address 10.131.182.251
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service backend-jdebuns20
    ip address 10.131.182.252
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service ssl_front
    slot 2
    type ssl-accel
    keepalive type none
    add ssl-proxy-list Webmail-test
    active

    !*************************** OWNER ***************************


    owner webmail-test

    content back_maildebu19a
    vip address 10.131.182.200
    add service backend-jdebuns17
    url "/*"
    protocol tcp
    port 80
    active

    content front
    vip address 10.131.182.120
    application ssl
    add service ssl_front
    protocol tcp
    port 443
    active
    Olivier PELERIN, Aug 30, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. RT
    Replies:
    0
    Views:
    3,984
  2. Replies:
    0
    Views:
    530
  3. CSS 11500 session log

    , Aug 25, 2006, in forum: Cisco
    Replies:
    3
    Views:
    1,034
  4. Sessions on CSS 11500

    , Mar 28, 2007, in forum: Cisco
    Replies:
    4
    Views:
    803
  5. linguafr

    CSS 11500 Specs

    linguafr, May 12, 2007, in forum: Cisco
    Replies:
    1
    Views:
    436
    Thrill5
    May 12, 2007
Loading...

Share This Page